Is it the best way to have a centralized log insight for all tenants / business groups or to have a dedicated log insight for each of them?
In fact it strongly depend on your operational model. Is it the same team that will work on the logs and it's not department or business unit dedicated? Such use case better fits having one instance where you aggregate all the logs.
Keep in mind if you are targetting muli-region deployment you'll need separate vRLI instanced with log forwarding set up between them for redundancy.
Hello, our goal is that administrators of each tenant/business group are able to access relevant logs related to their tenat/BG only.
In that case best option would be to create one instance of Log Insight and filter user access using RBAC + data sets as mentioned before.
This way you aggregate all the logs in one place and are able to quickly define the views for particular users assocaited with tenants/business groups.
we were trying to implement the suggested solution, but while it seems to be pretty simple to create a data set filtered by tenant ("tenant" and "tenantid" filters are present in the drop down menu) we seem unable to find the relevant Business Group filter. Do you have any useful pointer?
Thank you for your efforts,